Re: [pkng] Proposal for a PKS (was Re: json-dsig anyone?)

Leif Johansson <leifj@mnt.se> Wed, 24 March 2010 17:37 UTC

On 03/24/2010 04:24 PM, Massimiliano Pala wrote:
> Hello PK-NGers,
>
> I think that the issue everyone is bringing up is the need to have a way
> to make PK easier than it is now. My take on this is that we need to have
> a Public Key System (PKS) which should be capable of providing support
> for (1) PK deployers, (2) developers (by facilitating interactions among
> different parts of PKI) and (3) the users (by providing easy-to-use
> interfaces).
>
> I would say that we shall avoid the lack of vision that happened with the
> "normal" PKIs. As a metaphor, we might say that in PKIs we are now still
> trying to use a host.txt file instead of setting up a DNS.. and we all
> know how difficult that might be - especially in open environments like
> the Internet. My proposal is to provide a support infrastructure (service)
> for easy deployment of PK systems (or trust infrastructures ?)
>
> I am going to submit a new draft soon about the basics of the PKS that
> should allow to support any PK-based system, no matter if it is X.509
> based (to allow the usage of X509) or any other standard as long as it
> is based on some sort of "signed" assertion (e.g., a certificate or a
> signed key) and, of course, public keys :D
>
> Is anybody interested in the idea ? Please let me know..
>

yes!

	Cheers Leif